Application Security Weekly Subscribe

Vulnerability Management, Application security

Application Security Maturity and Frameworks – Francesco Cipollone – ASW #239

May 1, 2023

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity needs a new approach and guidance. Vulnerability management framework and mature defect management is often overlooked as organizations tend to identify issues and stop there.

The devil is usually in the details and time gets burned down in identifying who needs to solve what where. Vulnerability Management Maturity Framework has been created to address that.

Segment Resources:

Framework: https://phoenix.security/vulnerability-management-framework/

Books on metrics: https://phoenix.security/whitepapers-resources/data-driven-application-security-vulnerability-management-are-sla-slo-dead/

Vulnerability aggregation and prioritization https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/

Shift left: https://phoenix.security/shift-everywhere/

Vulnerability management talk: https://phoenix.security/web-vuln-management/

Vulnerability management framework playlist (explained) https://www.youtube.com/playlist?list=PLVlvQpDxsvqHWQfqej5Gs7bOd-cq8JO24

How to act on risk: https://phoenix.security/phoenix-security-act-on-risk-calculation/

Full episode and show notes

Announcements

Our teams from Security Weekly and SC Media were onsite at RSA Conference 2023 delivering in-depth reporting, analysis and interviews from the conference. If you were unable to join us in person, or didn't manage to catch our video livestream from Broadcast Alley, you can access all of our RSAC 2023 coverage at https://securityweekly.com/rsac.

Guest

Francesco Cipollone

CEO & Founder at Phoenix Security

Francesco Cipollone is a multi start-upper and cybersecurity professional. Francesco was the former AppSec and Cloud Security lead for HSBC, lead Cloud Security for AWS Professional Services, and previously consulted with the United Nations. He is also Chair of the Cloud Security Alliance, a published author, podcaster, and public speaker.

Hosts

Tech Lead at Block

AVP Application Security at PRA Group

Senior Engineering Leader at AWS

Related

Vulnerability Management

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet… – SWN #433

November 22, 2024

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet, and More, on this edition of the Security Weekly News.

Vulnerability Management

Fortinet, Palo Alto, VMWare – PSW #852

November 20, 2024

Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palto Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palto Alto and ...

Vulnerability Management

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and… – SWN #432

November 19, 2024

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News.